]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fea1a48) | patch
Allow validation of PACs with enterprise names 744/head
authorIsaac Boukris <iboukris@gmail.com>
Tue, 13 Mar 2018 23:19:17 +0000 (01:19 +0200)
committerGreg Hudson <ghudson@mit.edu>
Wed, 14 Mar 2018 15:21:36 +0000 (11:21 -0400)
commitf876aab80a69f9b934cd7f4e2339e3815aa8c4bf
treec9e9b314ad0aefd8111d435b2f9e131abb9997cetree
parentfea1a488924faa3938ef723feaa1ff12d22a91ffcommit | diff
Allow validation of PACs with enterprise names

In k5_pac_validate_client(), if we are verifying against an enterprise
principal, parse the PAC_CLIENT_INFO field as an enterprise principal.
This scenario may arise in the response to an S4U2Self request for an
enterprise principal, as the KDC does not appear to canonicalize the
client principal requested in PA-FOR-USER.

[ghudson@mit.edu: rewrote commit message; adjusted style]

ticket: 8649 (new)
tags: pullup
target_version: 1.16-next
src/lib/krb5/krb/pac.c diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git